(RADIATOR) Radiator and Opendirectory
Hugh Irvine
hugh at open.com.au
Thu Oct 14 02:59:14 CDT 2004
Hello Phil -
It doesn't look like you have specified the AuthDN and AuthPassword.
See section 6.36 in the Radiator 3.10 reference manual ("doc/ref.html").
regards
Hugh
On 14 Oct 2004, at 09:54, Philip Ershler wrote:
> Hi,
> I've got a Radiator RADIUS Server up and running on a MacOSX 10.3.5
> Server system. I'm using the server to authenticate wireless users
> with a WPA scheme using eap_ttls. I can currently authenticate using
> <AuthBy FILE> just fine. What I'd really like to do is authenticate
> using Apple's LDAP/OpenDirectory (server authenticates user). I have
> tried the example opendirectory.cfg from goodies, but I can't
> authenticate. Here's what happens in the log when I try. Everything is
> fine with the inner authentication machinery. The username and
> password get picked out correctly, but then ...
>
> Wed Oct 13 17:38:05 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Oct 13 17:38:05 2004: DEBUG: Deleting session for ershler,
> 10.0.1.1,
> Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Oct 13 17:38:05 2004: INFO: Connecting to 155.100.140.12, port 389
> Wed Oct 13 17:38:05 2004: INFO: Attempting to bind to LDAP server
> 155.100.140.12:389)
> Wed Oct 13 17:38:05 2004: ERR: Could not bind connection with , ,
> error: LDAP_PROTOCOL_ERROR (server 155.100.140.12:389).
> Wed Oct 13 17:38:05 2004: ERR: Backing off from 155.100.140.12:389 for
> 600 seconds.
> Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 13 17:38:05 2004: DEBUG: Radius::AuthFILE looks for match with
> ershler
> Wed Oct 13 17:38:05 2004: INFO: Access rejected for ershler: No such
> user
> Wed Oct 13 17:38:05 2004: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Oct 13 17:38:05 2004: INFO: Access rejected for ershler: EAP TTLS
> inner authentication redespatched to a Handler
> Wed Oct 13 17:38:05 2004: DEBUG: Packet dump:
> *** Sending to 155.100.140.15 port 1026 ....
> Code: Access-Reject
> Identifier: 16
> Authentic: <25><141><0><244>`<204><218><155>Ro<247><1><203>K<143><147>
> Attributes:
> EAP-Message = <4><6><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
>
> I notice the date on the opendirectory.cfg example file is quite old.
> Is there anything any newer? I've got a few more questions, but one
> step at a time.
>
> Thanks, Phil
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
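
A triage sketch for the failure in the quoted log, added here as an example and not part of either post or of Radiator: it rejoins mail-wrapped log entries and flags bind errors where both credential fields are empty, which is what a missing AuthDN and AuthPassword looks like in the trace. The function names and the second sample entry are constructed, and reading the two comma-separated fields as bind DN and bind password is an assumption.

```python
import re

# Radiator log entries start with a timestamp like "Wed Oct 13 17:38:05 2004: ".
STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
# Assumption: the two fields after "with" are the bind DN and the bind password.
BIND_ERR = re.compile(r"ERR: Could not bind connection with (.*?), (.*?), "
                      r"error: (\w+) \(server ([^)]+)\)")
BACKOFF = re.compile(r"ERR: Backing off from (\S+) for (\d+) seconds")

def unwrap(text):
    """Strip '> ' quoting and rejoin entries that the mailer wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        if STAMP.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return one finding per failed LDAP bind, with any back-off that follows."""
    findings = []
    for entry in unwrap(text):
        m = BIND_ERR.search(entry)
        if m:
            dn, password, error, server = m.groups()
            findings.append({
                "server": server,
                "error": error,
                "bind_dn": dn or None,
                # Never echo the second field: it may be a real password.
                "password_logged": bool(password),
                "anonymous_bind": not dn and not password,
                "backoff_seconds": None,
            })
            continue
        b = BACKOFF.search(entry)
        if b and findings and findings[-1]["server"] == b.group(1):
            findings[-1]["backoff_seconds"] = int(b.group(2))
    return findings

# First two entries are from the quoted log; the last entry is constructed.
SAMPLE = """\
> Wed Oct 13 17:38:05 2004: ERR: Could not bind connection with , ,
> error: LDAP_PROTOCOL_ERROR (server 155.100.140.12:389).
> Wed Oct 13 17:38:05 2004: ERR: Backing off from 155.100.140.12:389 for
> 600 seconds.
Thu Oct 14 09:00:00 2004: ERR: Could not bind connection with uid=radiator,cn=users,dc=example,dc=com, constructed-pw, error: LDAP_INVALID_CREDENTIALS (server 192.0.2.10:389).
"""
```

Calling `triage(SAMPLE)` marks the first entry as an anonymous bind with a 600 second back-off, and reports for the second only that a password field was present in the log.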